On Fri, Feb 17, 2023 at 04:11:10PM +0100, Peter Krempa wrote:
> For all other objects we allow the 'read' permission for anonymous
> users. In fact the idea is to allow all permissions users using the
> readonly connection would have.
>
> This impacts the following APIs (in terms of RPC procedure names):
>
> $ git grep -A 3 node_device:read | grep REMOTE
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_AUTOSTART = 433,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_PERSISTENT = 435,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_ACTIVE = 436,
>
> Fixes: a93cd08f
> Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> ---
> src/access/viraccessperm.h | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>
> diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
> index 051246a7b6..2f04459ed9 100644
> --- a/src/access/viraccessperm.h
> +++ b/src/access/viraccessperm.h
> @@ -473,6 +473,7 @@ typedef enum {
> /**
> * @desc: Read node device
> * @message: Reading node device configuration requires authorization
> + * @anonymous: 1
> */
> VIR_ACCESS_PERM_NODE_DEVICE_READ,
>
> --
> 2.39.1
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
